Database Security using Discretionary Access Control By Sumitro Bhaumik – 000911001011 Jyotishkar Dey – 000911001036
Nov 27, 2014
What is Discretionary Access Control in a database?
A new paradigm of database
security which assigns different
security levels to users as well
as to attributes, depending upon the
security policies required
A Traditional Database
Why do we need it?
• Conventional database security does not provide
“granular security”
• You either have access or have no access to a database
• But items in a database are of different types and need
different security
• One “easy” solution: keep items of the same security level
in separate tables
Problems
•Conflict with relational dependencies
•Increased complexity in order to preserve both
relational dependencies and security dependencies
Solution!
“Multi-level Security System”
Users of a particular security level can only access
elements in a database which correspond to their
security level
This way, sensitive data in the same database will be
hidden, while still allowing the public to access the central
database
Working Principle
The Bell-LaPadula Model
This model focuses on data confidentiality and
controlled access to classified information. In this
formal model, the entities in an information system are
divided into subjects and objects. The Bell–LaPadula model is
built on the concept of a state machine with a set of
allowable “secure states”. The notion of a “secure state”
is defined, and it is proven that each state transition
preserves security by moving from secure state to
secure state. This inductively proves that the system
satisfies the security objectives of the model.
The Bell-LaPadula Model
The Bell–LaPadula model defines a “secure state”
through three multilevel properties:
• The Simple Security Property (ss Property)
• The * (star) Security Property
• The Discretionary Security Property
The Simple Security Property
This policy requires that a subject of lower security level
cannot read from an object of higher security level, that
is, no “read-up”
The * (Star) Security Property
This policy requires that a subject of higher security level
does not write to an object of lower security level, that is,
no “write down”
The Discretionary Security Property
This policy does not require any hard and fast rule.
A security mapping is created between subjects and
objects which indicates which subject can read and
write into which object.
A sample FSA of the Bell-LaPadula Model
Steps Followed To Design a Secure Database
1. Identification of subjects, objects and permitted
actions (identification process)
   1. Identification of the subjects
   2. Identification of the objects
2. Assignment of security labels (labeling process)
   1. Assignment of security labels to the subjects
   2. Assignment of security labels to the objects
Identification of subjects
Identification of objects
Labeling of subjects
Labeling of objects
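The identification and labeling steps, together with the three Bell–LaPadula properties, can be put into one small reference monitor. This is an added example, not part of the original slides; the subjects, column names, security levels and access mapping are constructed for illustration, with the columns of a single SQLite table as the labelled objects.

```python
import sqlite3
from enum import IntEnum

class Level(IntEnum):
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2

# Labeling step: constructed subjects and objects (columns of one table).
SUBJECTS = {"teller": Level.PUBLIC, "auditor": Level.CONFIDENTIAL, "manager": Level.SECRET}
OBJECTS = {"name": Level.PUBLIC, "balance": Level.CONFIDENTIAL, "risk_note": Level.SECRET}

# Discretionary security property: explicit subject -> object -> modes mapping.
MATRIX = {
    "teller": {"name": {"read", "write"}, "balance": {"read", "write"}},
    "auditor": {"name": {"read"}, "balance": {"read", "write"}, "risk_note": {"write"}},
    "manager": {"name": {"read", "write"}, "balance": {"read"}, "risk_note": {"read", "write"}},
}

def allowed(subject, obj, mode):
    """True only if the mapping grants the mode and the level rule for it holds."""
    if mode not in ("read", "write") or mode not in MATRIX.get(subject, {}).get(obj, set()):
        return False
    s, o = SUBJECTS[subject], OBJECTS[obj]
    return s >= o if mode == "read" else s <= o  # no read-up / no write-down

def select_as(conn, subject):
    """Return rows restricted to the columns the subject may read."""
    cols = [c for c in OBJECTS if allowed(subject, c, "read")]
    if not cols:
        return []
    # Column names come from the fixed OBJECTS dict, never from user input.
    cur = conn.execute(f"SELECT {', '.join(cols)} FROM accounts ORDER BY name")
    return [dict(zip(cols, row)) for row in cur]

def update_as(conn, subject, column, value, name):
    """Apply a write only when the reference monitor allows it."""
    if column not in OBJECTS or not allowed(subject, column, "write"):
        return False
    conn.execute(f"UPDATE accounts SET {column} = ? WHERE name = ?", (value, name))
    return True

def demo_db():
    """Build the constructed sample table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (name TEXT, balance INTEGER, risk_note TEXT)")
    conn.execute("INSERT INTO accounts VALUES ('alice', 1200, 'under review')")
    return conn
```

In this sketch the teller can overwrite `balance` without being able to read it, which is the kind of blind “write up” the slides flag as needing care.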
Pros & Cons
Pros
• Gives finer control over the security of the database
• Attributes do not lose their functional dependency
• No need to change original database to implement this
feature; transparent. Hence, very easy to mobilize the
technology
• There needs to be only one global database which
users can use, without any fear of leakage of sensitive
data. No need to create a separate database for
different security levels
Cons
• For every query, the security level of every element
needs to be checked with the security level of the user.
Hence, the process is a bit slow
• Care has to be taken for some special conditions which
might arise during “write up” operations
Area of Use
• Banking
• Defense
• Office
• Public/Private database
Thank You!